[nsp-sec] NTP Attacks, Top Sources Listed
Chip Gwyn
cgwyn at internap.com
Wed Feb 12 12:48:49 EST 2014
Hello all,
We've being getting hit fairly hard with NTP reflection attacks recently. Earlier today we've seen a sizable attack and would like to request people to take a look at the attached list and help in whatever fashion you can. The list includes the source ip, date/time (UTC), observed bit rate, and source asn. The list is sorted by bit rate. This is the top 100 we saw. This traffic was destined towards 63.251.20.99 (nyc-ts.nfoservers.com).
To be clear, we are NOT requesting ACLs or Null-Routes, we are just requesting operators take a look at the listed hosts and patch as needed.
If there are any questions about the data, please let me know.
Thanks for any help!
-chip
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: internap-ntp-ddos-2014-02-12.013200_sources.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20140212/6501f7e6/attachment-0001.txt>
More information about the nsp-security
mailing list